mattermost
607 tracked vulnerabilities.
CVE-2022-2401
MEDIUM
Mattermost < 6.3.9 - Unauthenticated Exposure of Sensitive User Information via API
Jul 14, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-2366
MEDIUM
Mattermost Server <= 6.7.0 - Incorrect Default Permissions via Trusted IP Header
Jul 12, 2022
CVSS 5.6
EPSS 0.01
CVE-2022-1982
MEDIUM
Mattermost < 6.3.8 and 6.6.0 - Authenticated Denial of Service via Crafted SVG Attachment
Jun 02, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1548
LOW
Mattermost Playbooks < 1.25.0 - Privilege Escalation via User Permission Mismanagement
May 03, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-1385
LOW
Mattermost < 6.5.0 - Unauthenticated Exposure of Resource to Wrong Sphere via Email Invitation
Apr 19, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-1384
MEDIUM
Mattermost < 6.5.0 - Authenticated Plugin Version Check Bypass
Apr 19, 2022
CVSS 4.7
EPSS 0.01
CVE-2022-1337
MEDIUM
Mattermost Server < 6.4.2 - Authenticated Denial of Service via Image Proxy Memory Allocation
Apr 13, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1333
LOW
Mattermost Playbooks < 1.24.0 - Authenticated Denial of Service via Webhook Limit Bypass
Apr 13, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-1332
MEDIUM
Mattermost Server 5.37.0-5.37.8 and 6.4.0-6.4.1 - Authenticated Privilege Escalation via API
Apr 13, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1003
LOW
Mattermost <6.3.0 - Privilege Escalation
Mar 18, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-1002
LOW
Mattermost < 6.4.0 - Cross-Site Scripting via Guest User Email Invitation
Mar 18, 2022
CVSS 2.0
EPSS 0.01
CVE-2022-0904
MEDIUM
Mattermost Server <= 6.3.2 - Denial of Service via Malicious Apple Pages Document
Mar 10, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-0903
MEDIUM
Mattermost Server <= 6.3.2 - Denial of Service via SAML Login POST Body
Mar 10, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-0708
MEDIUM
Mattermost <6.3.0 - Info Disclosure
Feb 21, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-37867
MEDIUM
Mattermost Boards < 0.10.0 - Authenticated Sensitive Information Exposure via API
Jan 18, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-37866
MEDIUM
Mattermost Boards < 0.10.0 - Insufficient Session Expiration
Jan 18, 2022
CVSS 4.7
EPSS 0.01
CVE-2021-37865
MEDIUM
Mattermost < 6.2.0 - Authenticated Denial of Service via Crafted GIF File Upload
Jan 18, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-37864
LOW
Mattermost < 6.1 - Authenticated Improper Access Control via Archived Channel API
Jan 18, 2022
CVSS 2.6
EPSS 0.01
CVE-2021-37863
LOW
Mattermost < 6.0 - Authenticated Denial of Service via Malicious Post Creation
Dec 17, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-37862
LOW
Mattermost < 6.0 - Email Address Spoofing via Crafted Invitation Token
Dec 17, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-37861
MEDIUM
Mattermost < 6.0.2 - Password Exposure in Audit Logs
Dec 09, 2021
CVSS 5.8
EPSS 0.01
CVE-2021-37860
LOW
Mattermost < 5.38 - Stored Cross-Site Scripting via Clipboard Content
Sep 22, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-37859
HIGH
Mattermost 5.32.0-5.34.5 - Reflected Cross-Site Scripting Bypass in OAuth Flow
Aug 05, 2021
CVSS 7.1
EPSS 0.03
CVE-2020-13891
HIGH
Mattermost Mobile Apps <1.31.2 - Open Redirect
Jun 26, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-14460
MEDIUM
Mattermost Server <5.19.0 - Privilege Escalation
Jun 19, 2020
CVSS 6.5
EPSS 0.01
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters